Security experts at Belgian University KU Leuven have discovered a weakness in WPA2, a wireless security protocol that is being used worldwide for internet connection over Wifi network.
The researchers have broken WPA2 protocol and have highlighted the potential for internet traffic to be exposed which can be manipulated by the hackers.
Mathy Vanhoef, a security expert at Belgian University published the details of security threats regarding WPA2 on Monday morning. “Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.
Vanhoef emphasized that “the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
According to the report, various devices and operating systems will be affected by the vulnerability including Android, Apple, Linux, Windows, OpenBSD, MediaTek, Linksys.
“If your device supports wifi, it is most likely affected,” Vanhoef further added. “In general, any data or information that the victim transmits can be decrypted … Additionally, depending on the device
being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website).”
Britain's National Cyber Security Centre issued a statement saying they are examining the vulnerability .“Research has been published today into potential global weaknesses to wifi systems. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping.
“We are examining the research and will be providing guidance if required. Internet security is a key
NCSC priority and we continuously update our advice on issues such as wifi safety, device management and browser security.”
The United States Computer Emergency Readiness Team(CERT) have issued warning after the release of information regarding vulnerabilities in WPA2.
“The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection
hijacking, HTTP content injection and others,” the alert further added “most or all correct implementations of the standard will be affected”.
Most of the connections use WPA2 security protocol as it is the safest, the older security protocols have been broken in the past and this was the most widespread means for encrypting wifi data. However Secure websites, Virtual Private networks and other secured connections will remain unaffected by these vulnerabilities as a added layer of security is provided in this communication.
The chief technical officer of subscription service Iron, Alex Hudson said that it is important to"keep calm" “There is a limited amount of physical security already on offer by wifi: an attack needs to be in proximity,”, “So, you’re not suddenly vulnerable to everyone on the internet. It’s very weak protection, but this is important when reviewing your threat level.
“Additionally, it’s likely that you don’t have too many protocols relying on WPA2 security. Every time you access an HTTPS site … your browser is negotiating a separate layer of encryption. Accessing secure websites over wifi is still totally safe. Hopefully – but there is no guarantee – you don’t have much information going over your network that requires the encryption WPA2 provides.”
The international Cert group has informed various Technology companies regarding vulnerabilities.
The researchers have broken WPA2 protocol and have highlighted the potential for internet traffic to be exposed which can be manipulated by the hackers.
Mathy Vanhoef, a security expert at Belgian University published the details of security threats regarding WPA2 on Monday morning. “Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.
Vanhoef emphasized that “the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
According to the report, various devices and operating systems will be affected by the vulnerability including Android, Apple, Linux, Windows, OpenBSD, MediaTek, Linksys.
“If your device supports wifi, it is most likely affected,” Vanhoef further added. “In general, any data or information that the victim transmits can be decrypted … Additionally, depending on the device
being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website).”
Britain's National Cyber Security Centre issued a statement saying they are examining the vulnerability .“Research has been published today into potential global weaknesses to wifi systems. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping.
“We are examining the research and will be providing guidance if required. Internet security is a key
NCSC priority and we continuously update our advice on issues such as wifi safety, device management and browser security.”
The United States Computer Emergency Readiness Team(CERT) have issued warning after the release of information regarding vulnerabilities in WPA2.
“The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection
hijacking, HTTP content injection and others,” the alert further added “most or all correct implementations of the standard will be affected”.
Most of the connections use WPA2 security protocol as it is the safest, the older security protocols have been broken in the past and this was the most widespread means for encrypting wifi data. However Secure websites, Virtual Private networks and other secured connections will remain unaffected by these vulnerabilities as a added layer of security is provided in this communication.
The chief technical officer of subscription service Iron, Alex Hudson said that it is important to"keep calm" “There is a limited amount of physical security already on offer by wifi: an attack needs to be in proximity,”, “So, you’re not suddenly vulnerable to everyone on the internet. It’s very weak protection, but this is important when reviewing your threat level.
“Additionally, it’s likely that you don’t have too many protocols relying on WPA2 security. Every time you access an HTTPS site … your browser is negotiating a separate layer of encryption. Accessing secure websites over wifi is still totally safe. Hopefully – but there is no guarantee – you don’t have much information going over your network that requires the encryption WPA2 provides.”
The international Cert group has informed various Technology companies regarding vulnerabilities.